Opened 11 years ago

Closed 11 years ago

#2428 closed defect (fixed)

ffplay crashes on weird file

Reported by: Carl Eugen Hoyos
Owned by:
Priority: important
Component: ffplay
Version: git-master
Keywords: crash regression
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

With the sample from ticket #2424:
http://samples.ffmpeg.org/ffmpeg-bugs/trac/ticket2424/

(gdb) r aspect_bug.mkv
Starting program: ffplay_g aspect_bug.mkv
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffplay version N-51524-gccc2537 Copyright (c) 2003-2013 the FFmpeg developers
  built on Apr  2 2013 22:48:41 with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl --disable-indev=jack
  libavutil      52. 24.100 / 52. 24.100
  libavcodec     55.  2.100 / 55.  2.100
  libavformat    55.  1.100 / 55.  1.100
  libavdevice    55.  0.100 / 55.  0.100
  libavfilter     3. 48.105 /  3. 48.105
  libswscale      2.  2.100 /  2.  2.100
  libswresample   0. 17.102 /  0. 17.102
  libpostproc    52.  2.100 / 52.  2.100
[New Thread 0x7ffff677a700 (LWP 24919)]
[New Thread 0x7ffff4d7d700 (LWP 24920)]
[New Thread 0x7ffff447b700 (LWP 24921)]
Input #0, matroska,webm, from 'aspect_bug.mkv':KB sq=    0B f=0/0
  Duration: 00:01:00.06, start: 0.000000, bitrate: 4395 kb/s
    Stream #0:0(eng): Video: h264 (High), yuv420p, 1280x536 [SAR 1:1 DAR 160:67], SAR 67:3 DAR 160:3, 23.98 fps, 23.98 tbr, 1k tbn, 47.95 tbc (default)
    Stream #0:1(ger): Audio: dts (DTS), 48000 Hz, 5.1(side), fltp, 768 kb/s
    Metadata:
      title           : DTS
    Stream #0:2(ger): Subtitle: subrip
    Metadata:
      title           : Forced
[New Thread 0x7ffff3afd700 (LWP 24922)]
[New Thread 0x7ffff32fc700 (LWP 24923)]
[New Thread 0x7ffff2afb700 (LWP 24924)]
[New Thread 0x7ffff22fa700 (LWP 24925)]
[New Thread 0x7ffff1af9700 (LWP 24926)]
[New Thread 0x7ffff12f8700 (LWP 24927)]
[New Thread 0x7ffff0af7700 (LWP 24928)]
[New Thread 0x7fffebfff700 (LWP 24929)]
[New Thread 0x7fffeb7fe700 (LWP 24930)]
[New Thread 0x7fffeaffd700 (LWP 24931)]
[New Thread 0x7fffea7fc700 (LWP 24932)]
[New Thread 0x7fffe9ffb700 (LWP 24933)]
   0.10 A-V: -0.026 fd=   0 aq= 3140KB vq=12237KB sq=    0B f=0/0
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffea7fc700 (LWP 24932)]
0x00007ffff69f8249 in _int_free () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff69f8249 in _int_free () from /lib64/libc.so.6
#1  0x0000000000bbf50c in av_free (ptr=<optimized out>) at libavutil/mem.c:194
#2  av_freep (arg=arg@entry=0x7fffe4000a90) at libavutil/mem.c:201
#3  0x0000000000bb37fe in av_buffer_unref (buf=buf@entry=0x7fffe4000a90)
    at libavutil/buffer.c:112
#4  0x0000000000bb9945 in av_frame_unref (frame=0x7fffe40008c0) at libavutil/frame.c:342
#5  0x000000000045711c in video_thread (arg=0x7ffff447c040) at ffplay.c:1982
#6  0x00007ffff7875e96 in ?? () from /usr/lib64/libSDL-1.2.so.0
#7  0x00007ffff78b8cd9 in ?? () from /usr/lib64/libSDL-1.2.so.0
#8  0x00007ffff764fe0e in start_thread () from /lib64/libpthread.so.0
#9  0x00007ffff6a632cd in clone () from /lib64/libc.so.6

The crash is a regression since 32fdfdf
(valgrind claims a crash in sdl)

Attachments (1)

wide.avi (1.3 MB) - added by Carl Eugen Hoyos 11 years ago.


Change History (6)

comment:1 by Clément Bœsch, 11 years ago

This was possibly fixed with Ticket #2424; can you confirm?

(I can't reproduce here)

Last edited 11 years ago by Clément Bœsch

comment:2 by Carl Eugen Hoyos, 11 years ago

"Fixed" is the wrong word imo, could you test 36babfd? I was unable to see if it crashes here in libsdl or FFmpeg.

comment:3 by Michael Niedermayer, 11 years ago

I don't think keeping this bug open is of any use, especially at "important" level. No one will hunt bugs in obsolete versions; for all we know it could have been fixed after the aspect change or it could have been in SDL. Also, if I am not mistaken, no one could reproduce it.

by Carl Eugen Hoyos, 11 years ago

Attachment: wide.avi added

comment:4 by Carl Eugen Hoyos, 11 years ago (in reply to: comment:3)

Replying to michael:

Also, if I am not mistaken, no one could reproduce it.

I thought nobody ever tested it.

New file attached, gdb still claims a crash in libavcodec, valgrind suggests an invalid write in SDL_FillRect.

(gdb) r wide.avi
Starting program: ffplay_g wide.avi
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffplay version N-53307-g5a65fea Copyright (c) 2003-2013 the FFmpeg developers
  built on May 21 2013 01:59:51 with gcc 4.7 (SUSE Linux)
  configuration: --disable-asm --disable-optimizations
  libavutil      52. 33.100 / 52. 33.100
  libavcodec     55. 10.101 / 55. 10.101
  libavformat    55.  7.100 / 55.  7.100
  libavdevice    55.  1.100 / 55.  1.100
  libavfilter     3. 68.101 /  3. 68.101
  libswscale      2.  3.100 /  2.  3.100
  libswresample   0. 17.102 /  0. 17.102
[New Thread 0x7ffff5e02700 (LWP 17927)]
[New Thread 0x7ffff4405700 (LWP 17928)]
[New Thread 0x7ffff3b03700 (LWP 17929)]
Input #0, avi, from 'wide.avi':    0KB vq=    0KB sq=    0B f=0/0
  Metadata:
    encoder         : Lavf54.29.104
  Duration: 00:00:02.00, start: 0.000000, bitrate: 5342 kb/s
    Stream #0:0: Video: mpeg4 (Simple Profile) (FMP4 / 0x34504D46), yuv420p, 1280x536 [SAR 111:5 DAR 3552:67], SAR 3551:160 DAR 53:1, 23.98 fps, 23.98 tbr, 23.98 tbn, 24k tbc
[New Thread 0x7ffff3302700 (LWP 17930)]
[New Thread 0x7ffff2b01700 (LWP 17931)]
[New Thread 0x7ffff2300700 (LWP 17932)]
[New Thread 0x7ffff1aff700 (LWP 17933)]
[New Thread 0x7ffff12fe700 (LWP 17934)]
[New Thread 0x7ffff0afd700 (LWP 17935)]
[New Thread 0x7fffebfff700 (LWP 17936)]
[New Thread 0x7fffeb7fe700 (LWP 17937)]
[New Thread 0x7fffeaffd700 (LWP 17938)]
[New Thread 0x7fffea7fc700 (LWP 17939)]
   0.15 A-V:  0.000 fd=   0 aq=    0KB vq=   86KB sq=    0B f=0/0
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffea7fc700 (LWP 17939)]
0x00007ffff659d249 in _int_free () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff659d249 in _int_free () from /lib64/libc.so.6
#1  0x0000000000cdd148 in av_free (ptr=0x7fffc4020160) at libavutil/mem.c:194
#2  0x0000000000cdd16d in av_freep (arg=0x7fffe4000a90) at libavutil/mem.c:201
#3  0x0000000000ccfe62 in av_buffer_unref (buf=0x7fffe4000a90) at libavutil/buffer.c:112
#4  0x0000000000cd72b7 in av_frame_unref (frame=0x7fffe40008c0) at libavutil/frame.c:344
#5  0x000000000040c488 in video_thread (arg=0x7ffff3b04010) at ffplay.c:1961
#6  0x00007ffff741ae96 in ?? () from /usr/lib64/libSDL-1.2.so.0
#7  0x00007ffff745dcd9 in ?? () from /usr/lib64/libSDL-1.2.so.0
#8  0x00007ffff71f4e0e in start_thread () from /lib64/libpthread.so.0
#9  0x00007ffff66082cd in clone () from /lib64/libc.so.6

With -threads 1, it plays ok, but I get a (different) crash on eof / quit:

(gdb) bt
#0  0x00007ffff6558d25 in raise () from /lib64/libc.so.6
#1  0x00007ffff655a1a8 in abort () from /lib64/libc.so.6
#2  0x00007ffff6596fcb in __libc_message () from /lib64/libc.so.6
#3  0x00007ffff659cb66 in malloc_printerr () from /lib64/libc.so.6
#4  0x0000000000cdd148 in av_free (ptr=0x7ffff29a8010) at libavutil/mem.c:194
#5  0x0000000000cdd16d in av_freep (arg=0x7fffec013a60) at libavutil/mem.c:201
#6  0x00000000008f4e47 in free_duplicate_context (s=0x7fffec010fb0)
    at libavcodec/mpegvideo.c:588
#7  0x00000000008f7d7f in ff_MPV_common_end (s=0x7fffec010fb0) at libavcodec/mpegvideo.c:1250
#8  0x00000000006abb9f in ff_h263_decode_end (avctx=0x7fffec0011f0)
    at libavcodec/h263dec.c:130
#9  0x0000000000a2e0a2 in avcodec_close (avctx=0x7fffec0011f0) at libavcodec/utils.c:2375
#10 0x000000000040eb69 in stream_component_close (is=0x7ffff3b04010, stream_index=0)
    at ffplay.c:2629
#11 0x000000000040fbf1 in read_thread (arg=0x7ffff3b04010) at ffplay.c:2946
#12 0x00007ffff741ae96 in ?? () from /usr/lib64/libSDL-1.2.so.0
#13 0x00007ffff745dcd9 in ?? () from /usr/lib64/libSDL-1.2.so.0
#14 0x00007ffff71f4e0e in start_thread () from /lib64/libpthread.so.0
#15 0x00007ffff66082cd in clone () from /lib64/libc.so.6

comment:5 by Carl Eugen Hoyos, 11 years ago

Component: undetermined → FFplay
Resolution: → fixed
Status: new → closed

Fixed by Marton.
